zui icon indicating copy to clipboard operation
zui copied to clipboard

Published 20 hours ago verified publisher icon brimdata

Table view shows empty/missing complex value when it actually contains data

Open philrz opened this issue 1 year ago • 2 comments

Repro is with Brim commit 55d1fdc and attached test data, http.zng.gz which are records based on importing the Emotet pcap referenced in #1245.

To repro, import the test data and execute the query:

_path=="http"
| count() by status_code,host
| counts:=collect({status_code,count}) by host

In the default Table view, the counts values are rendered as if each is an empty array. However, clicking to the Inspector tab and expanding them reveals that each array actually contains a single-element record.

https://user-images.githubusercontent.com/5934157/180078239-998d2710-ddb3-4a61-9dbd-efb52b61404e.mp4

As a user, the Table view had me fooled at first such that I thought incorrectly there might have been a bug in collect()

When certain top-level complex structures are imported (such as the array in prs.json) the app doesn't try to render anything in the Table view and instead says "The table view can only render records at the moment." For the case shown in the video here, I'm not sure if it's feasible/desirable for the Table view to render what it can and show some kind of visual cue in the arrays that indicates they're non-empty but would need to be viewed in the Inspector, or if it should check all data to be rendered and fall back to the "The table view can only render..." message if anything is deemed un-renderable at any level.

philrz avatar Jul 20 '22 20:07 philrz

It looks like I can also repro the problem with a set data type as well. I assume it shares a root cause so I'm mentioning it here, but can open a separate issue if it turns out it needs to be handled separately. I'm using Brim commit ba79d86 at the moment.

Test data data.zson:

{my_array:[1,2,3,4,5]}
{my_set:|["foo",1.5]|}
{my_map:|{"a":1(int32),"b":2(int32),"c":3(int32)}|}
{my_record:{orig_h:10.164.94.120,orig_p:39681(port=uint16),resp_h:10.47.3.155,resp_p:3389(port)}}

Notice the top row in the Table view shows empty values.

image

Of course they're visible in the Inspector.

image

philrz avatar Jul 25 '22 23:07 philrz

Here's another example I bumped into in Brim commit 8ac2379: The output of count() by typeof(this) using the sample.zng from this repo.

The records show up blank in the Table view.

image

But they're present in Inspector.

image

philrz avatar Sep 08 '22 23:09 philrz

This one is on track to be addressed by the changes in #2626.

As shown in the attached video on commit 4014451 of the branch from #2626, now the complex value is shown in abbreviated form without having to jump to the Inspector view. It's also possible to click to expand and see its full contents.

https://user-images.githubusercontent.com/5934157/210014721-2acebc33-a337-484e-a322-194e8cf0bdcc.mp4

I'll do a final verification when the changes merge, but looks 👍 right now.

philrz avatar Dec 29 '22 21:12 philrz

Verified in Brim commit 499a2c9.

In the attached video, all three pieces of test data described in previous comments are imported and shown to render correctly now in the Table view.

https://user-images.githubusercontent.com/5934157/214935022-1e403834-0f9c-42a9-878e-404fd929fc3a.mp4

Thanks @jameskerr!

philrz avatar Jan 26 '23 19:01 philrz